Securing Infrastructure Access at Scale in Large Enterprises

Contact Sales Try for Free

Home > Additional Resources > How-to Guides

How to Access Proxmox Virtual Environment with Teleport

Posted 14th Aug 2024 by Ben Arent

What is Cryptographic Identity?

What are short-lived certificates?

Credentials vs. Cryptographic Identity

SSH Keys Explained: Enhancing Secure Access

What is zero trust security for applications and workloads?

What is Secretless (Passwordless) Authentication?

What are Access Requests?

What is Authorization?

What are Ephemeral Privileges?

What is Just-In-Time (JIT) access?

Principle of Least Privilege: What It Is & How to Implement It

What is MAC (Mandatory Access Control)?

What is OAuth 2.0 (Open Authorization)?

What is FIDO (Fast IDentity Online)?

What is U2F (Universal 2nd Factor)?

What is WebAuthn?

What is OIDC (Open ID Connect)?

What Is SAML (Security Assertion Markup Language)?

The Failures of Shared Secrets and How We Can Replace Them

What is Time-Based One-Time Password & How it Works

Risk-Adaptive Access Control (RADAC): A Deep Dive

SMS MFA: Is It Safe? Security Risks & Better Alternatives

Rule-Based Access Control (RuBAC): A Complete Guide

Time-Based Access Control (TBAC): A Complete Guide

PIM vs. PAM: Choosing the Right Approach for Identity Management

SCIM Overview: Streamlining User Management

What is Identity Governance & Administration (IGA)?

What is Identity Threat Detection and Response (ITDR)?

What is Cloud Infrastructure Entitlement Management (CIEM)?

What is Observability?

What are bastion hosts?

What is mutual TLS authentication (mTLS)?

What are non-human identities?

What is TCP/IP protocol suite?

What is a VPN (Virtual Private Network)?

Comparing TCP/IP and OSI Model

How IPv4 and IPv6 works

How to Access and Monitor IoT Devices Securely

Implementing Zero Trust Network Access in Cloud-Native Environments

SSH Bastion Server on AWS: Setup Guide & Security Benefits

Deploying self-hosted Highly Available Teleport on an On-Prem data center.

Mastering SSH Keygen

Backend for Frontend (BFF) Pattern: Microservices for UX

Infrastructure as Code (IaC): Automating IT Infrastructure

What is PCI Compliance?

What is HIPAA compliance?

What is SOC2 compliance?

What is FedRAMP compliance?

OS Default Logging with Windows

Guide to Audit Logging for Cloud Native Companies

Auditing and Reviewing Amazon EKS Workloads

StrongDM vs Teleport

Hashicorp Boundary vs Teleport

StrongDM Alternatives to Secure Infrastructure Access

Authenticating Azure AKS Kubernetes Clusters with GitHub SSO

Authenticating Azure AKS Kubernetes Clusters with Okta SSO

Auditing and Reviewing Amazon EKS Workloads

Just-in-Time Access for Amazon EKS

Auditing and Reviewing Amazon EKS Workloads

Authenticating AWS EKS Kubernetes Clusters with GitHub SSO

Authenticating AWS EKS Kubernetes Clusters with Google Workspace SSO

Authenticating Google Kubernetes Engine Clusters with Okta SSO

Authenticating GCP GKE with Google Workspace SSO

RBAC for Google Cloud Kubernetes Engine (GCP GKE)

Authenticating GKE Kubernetes Clusters with GitHub SSO

Authenticating Google Kubernetes Engine Clusters with Okta SSO

How to Configure Single Sign-On (SSO) for Accessing AWS EKS Clusters

How to Access Proxmox Virtual Environment with Teleport

A Guide to EC2 Instance Connect

Managing Amazon EKS Clusters with kubectl

Accessing the Inaccessible: Your Guide to AWS EC2 Serial Console

Secure EC2 RDP: The Ultimate Guide to Safe Access

Secure AWS EC2 Access with Session Manager

How to SSH into an EC2 Instance: A Step-by-Step Guide

PostgreSQL LDAP Authentication: A Step-by-Step Guide

Secure PostgreSQL with RADIUS Authentication: A Step-by-Step Guide

Simple Random Tokens: A Guide to Secure Authentication

PostgreSQL Password Authentication: A Complete Guide

PostgreSQL SSL Authentication: A Step-by-Step Guide

This guide outlines how to set up Teleport with Proxmox Virtual Environment (PVE), a platform designed for provisioning hyper-converged infrastructure. PVE allows deployment and management of virtual machines and containers. By accessing PVE via Teleport, you can easily and securely access and share the Proxmox Dashboard remotely.

Integration Status	Support	Known Issues
Experimental	Community	None

Overview

In this guide, we will cover:

Using Teleport Access to view the Proxmox GUI
Adding Teleport Server Access for host-level debugging

Proxmox Set up

Setup

To connect Proxmox to Teleport, you’ll need a Teleport Cluster. This cluster can be one managed by Teleport Cloud, or a self-hosted community-edition cluster. Signup for a 14 day trial, or run a self-hosted community-edition cluster.

Once deployed you’ll need to set up and install the Teleport App Service. In our case, we’ll also make this a SSH service for easier debugging.

Proxmox Setup Diagram

Generate a Token

To setup the app service, please follow the Web Application Access Guide. When generating a token, use tctl tokens add --type=app,node this will let you access both the Proxmox server and the Proxmox UI.

tctl tokens add --type=app,node

Configure Teleport

Start the Teleport App & Node service with a config similar to and save it to `/etc/teleport.yaml`

# Save this file to /etc/teleport.yaml
version: v3
teleport:
  nodename: pve
  proxy_server: example.teleport.sh:443
  data_dir: /var/lib/teleport
  join_params:
    token_name: "REPLACE_TOKEN"
    method: token
  log:
    output: stderr
    severity: INFO
    format:
      output: text
  ca_pin: ""
  diag_addr: ""
auth_service:
  enabled: "no"
ssh_service:
  enabled: "yes"
app_service:
  enabled: "yes"
  apps:
    - name: "proxmox"
      uri: "https://localhost:8006"
      insecure_skip_verify: true
proxy_service:
  enabled: "no"

Replace the following values:

proxy_server: The URL of your Teleport cluster (e.g. example.teleport.sh or example.com). Note: You will need a wildcard certificate as Proxmox will be accessed at proxmox.example.com.
token_name: The token generated in the previous step.

Save this file to /etc/teleport.yaml and start Teleport:

sudo teleport start --config=/etc/teleport.yaml

Once started, you should see the Proxmox app and pve node in the Teleport resources view:

Proxmox Final Setup

You can now access both the proxmox UI for creating VMs and the underlying OS for creating VMs with the CLI. If you have any questions please post in our GitHub Discussion or Community Slack.

What is Cryptographic Identity?

What are short-lived certificates?

Credentials vs. Cryptographic Identity

SSH Keys Explained: Enhancing Secure Access

What is zero trust security for applications and workloads?

What is Secretless (Passwordless) Authentication?

What are Access Requests?

What is Authorization?

What are Ephemeral Privileges?

What is Just-In-Time (JIT) access?

Principle of Least Privilege: What It Is & How to Implement It

What is MAC (Mandatory Access Control)?

What is OAuth 2.0 (Open Authorization)?

What is FIDO (Fast IDentity Online)?

What is U2F (Universal 2nd Factor)?

What is WebAuthn?

What is OIDC (Open ID Connect)?

What Is SAML (Security Assertion Markup Language)?

The Failures of Shared Secrets and How We Can Replace Them

What is Time-Based One-Time Password & How it Works

Risk-Adaptive Access Control (RADAC): A Deep Dive

SMS MFA: Is It Safe? Security Risks & Better Alternatives

Rule-Based Access Control (RuBAC): A Complete Guide

Time-Based Access Control (TBAC): A Complete Guide

PIM vs. PAM: Choosing the Right Approach for Identity Management

SCIM Overview: Streamlining User Management

What is Identity Governance & Administration (IGA)?

What is Identity Threat Detection and Response (ITDR)?

What is Cloud Infrastructure Entitlement Management (CIEM)?

What is Observability?

What are bastion hosts?

What is mutual TLS authentication (mTLS)?

What are non-human identities?

What is TCP/IP protocol suite?

What is a VPN (Virtual Private Network)?

Comparing TCP/IP and OSI Model

How IPv4 and IPv6 works

How to Access and Monitor IoT Devices Securely

Implementing Zero Trust Network Access in Cloud-Native Environments

SSH Bastion Server on AWS: Setup Guide & Security Benefits

Deploying self-hosted Highly Available Teleport on an On-Prem data center.

Mastering SSH Keygen

Backend for Frontend (BFF) Pattern: Microservices for UX

Infrastructure as Code (IaC): Automating IT Infrastructure

What is PCI Compliance?

What is HIPAA compliance?

What is SOC2 compliance?

What is FedRAMP compliance?

OS Default Logging with Windows

Guide to Audit Logging for Cloud Native Companies

Auditing and Reviewing Amazon EKS Workloads

StrongDM vs Teleport

Hashicorp Boundary vs Teleport

StrongDM Alternatives to Secure Infrastructure Access

Authenticating Azure AKS Kubernetes Clusters with GitHub SSO

Authenticating Azure AKS Kubernetes Clusters with Okta SSO

Auditing and Reviewing Amazon EKS Workloads

Just-in-Time Access for Amazon EKS

Auditing and Reviewing Amazon EKS Workloads

Authenticating AWS EKS Kubernetes Clusters with GitHub SSO

Authenticating AWS EKS Kubernetes Clusters with Google Workspace SSO

Authenticating Google Kubernetes Engine Clusters with Okta SSO

Authenticating GCP GKE with Google Workspace SSO

RBAC for Google Cloud Kubernetes Engine (GCP GKE)

Authenticating GKE Kubernetes Clusters with GitHub SSO

Authenticating Google Kubernetes Engine Clusters with Okta SSO

How to Configure Single Sign-On (SSO) for Accessing AWS EKS Clusters

How to Access Proxmox Virtual Environment with Teleport

A Guide to EC2 Instance Connect

Managing Amazon EKS Clusters with kubectl

Accessing the Inaccessible: Your Guide to AWS EC2 Serial Console

Secure EC2 RDP: The Ultimate Guide to Safe Access

Secure AWS EC2 Access with Session Manager

How to SSH into an EC2 Instance: A Step-by-Step Guide

PostgreSQL LDAP Authentication: A Step-by-Step Guide

Secure PostgreSQL with RADIUS Authentication: A Step-by-Step Guide

Simple Random Tokens: A Guide to Secure Authentication

PostgreSQL Password Authentication: A Complete Guide

PostgreSQL SSL Authentication: A Step-by-Step Guide

Table of Contents

Background image

Teleport Enterprise

Protect your infrastructure with essential security & compliance capabilities

Tags

integration